Skip to Navigation
Skip to Main content
OIG Home
OIG Home

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Audit Highlights

The following are highlights of our work during the October 1, 2016–March 31, 2017 semiannual reporting period.

Audits, Evaluations, Inspections

Willingness to Share Divergent Views About Large Financial Institution Supervision Activities. Employees' willingness to share views varies by Federal Reserve Bank and among supervision teams at the same Reserve Bank. Leadership and management approaches play a major role in influencing employees' comfort level in sharing views.

The CFPB's Contract Award Controls and Processes. The CFPB generally complies with contract award laws, regulations, and agency policies and procedures, but some reviews and approvals were overlooked or not documented as required, and other controls and processes can be improved.

The CFPB's Controls for Identifying and Avoiding Conflicts of Interest Related to Vendor Activities. The CFPB can strengthen its controls for identifying and avoiding potential conflicts of interest associated with using vendors to support fair lending compliance and enforcement analysis. The agency should also evaluate whether to perform more fair lending enforcement analysis internally.

The Board's Use of Continuous Monitoring as a Supervisory Tool. Although the Board and the Reserve Banks have multiple documents that address the expectations for certain aspects of continuous monitoring, the Board has not issued guidance that harmonizes these expectations across its supervisory portfolios and the Reserve Banks.

The Board's Information Security Program. The Board has taken several steps to mature its information security program to ensure that it is consistent with Federal Information Security Modernization Act of 2014 (FISMA) requirements. However, the Board's information security program needs several improvements in the areas of risk management, identity and access management, security and privacy training, and incident response.

The CFPB's Information Security Program. The CFPB has taken several steps to mature its information security program to ensure that it is consistent with FISMA requirements. However, the CFPB's information security program needs several improvements in the areas of risk management, identity and access management, and contingency planning.

RELATED INFORMATION

Audits FAQs

See common Audits questions and answers.

Audit Reports

View a sortable list of audits, evaluations, and other reviews.